If you use AWS Transit Gateway, you can deploy the PCG in any VPC and connect this VPC with the Transit Gateway.
Follow instructions at Deploy PCG in a VPC.
Any other VPCs connected to the Transit Gateway can have their workload VMs managed by NSX-T Data Center for micro-segmentation.
NSX Cloud does not manage networking between the Transit and Compute VPCs or the workload VMs. All NSX-T Data Center networking constructs are created when the PCG is deployed, but only the security constructs are valid when you are working with AWS Transit Gateway. See Security Entities for a list of the security policies that are auto-created after PCG deployment.
- Currently only NSX Enforced Mode is supported. You must install NSX Tools in your workload VMs. See NSX Enforced Mode in the NSX-T Data Center Administration Guide for instructions.
- The VPC where you deploy the PCG (the Transit VPC) must have the same subnets that are required for a Transit VPC that does not use AWS Transit Gateway. See Subnets Required in Your VPC/VNet to deploy PCG for details.
- You must link compute VPCs to the Transit VPC. See Link to a Transit VPC or VNet for instructions.
- You must ensure that workload VMs with NSX Tools installed on them have connectivity with the management subnet of the Transit VPC.
- To utilize micro-segmentation, you must add a Forwarding Policy with the following values:
| Option | Value |
| --- | --- |
| Sources | A Group in NSX Manager that contains all NSX-Managed VMs from your Transit and Compute VPCs |
| Destinations | All (0.0.0.0/0) |
| Services | Any |
| Action | Route to Underlay |
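As an added example (not code from the NSX Cloud documentation), the following Python checks an ordered list of forwarding-policy rules against the values required above and reports a rule that is missing, disabled, narrower than 0.0.0.0/0, using the wrong action, or shadowed by an earlier catch-all rule with a different action. The field names, the group path and the sample rules are assumptions for illustration, not values taken from the page.

```python
# Added example (not NSX Cloud's own code). Field names source_groups,
# destination_groups, services, action and sequence_number are assumed to
# mirror the NSX Policy API ForwardingRule; destinations are written as CIDRs.
ANY = "ANY"
REQUIRED_ACTION = "ROUTE_TO_UNDERLAY"
MANAGED_VMS = "/infra/domains/default/groups/nsx-managed-vms"  # assumed path

def covers_all(dests):  # True when the destination selection means All (0.0.0.0/0)
    return not dests or ANY in dests or "0.0.0.0/0" in dests

def deviations(rule, managed_group):
    """List how one rule departs from the required values (empty = matches)."""
    checks = [
        (rule.get("disabled"), "rule is disabled"),
        (managed_group not in rule.get("source_groups", []), "sources lack the NSX-managed VM group"),
        (not covers_all(rule.get("destination_groups", [])), "destinations narrower than 0.0.0.0/0"),
        (rule.get("services", [ANY]) != [ANY], "services are not Any"),
        (rule.get("action") != REQUIRED_ACTION, f"action {rule.get('action')!r} is not Route to Underlay"),
    ]
    return [msg for bad, msg in checks if bad]

def shadows(earlier, managed_group):
    """An enabled earlier rule matching all managed-VM traffic with another action wins."""
    srcs = earlier.get("source_groups", [])
    return (not earlier.get("disabled") and (ANY in srcs or managed_group in srcs)
            and covers_all(earlier.get("destination_groups", []))
            and earlier.get("services", [ANY]) == [ANY]
            and earlier.get("action") != REQUIRED_ACTION)

def check_forwarding_policy(rules, managed_group=MANAGED_VMS):
    """Walk rules in sequence order; return (compliant, findings)."""
    findings, ordered = [], sorted(rules, key=lambda r: r.get("sequence_number", 0))
    for i, rule in enumerate(ordered):
        probs = deviations(rule, managed_group)
        if probs:
            findings.append(f"{rule.get('id', '?')}: " + "; ".join(probs))
            continue
        blockers = [e.get("id", "?") for e in ordered[:i] if shadows(e, managed_group)]
        if blockers:
            findings.append(f"{rule.get('id', '?')}: shadowed by earlier rule(s) {blockers}")
            return False, findings
        return True, findings
    findings.append("no rule routes NSX-managed VM traffic to the underlay")
    return False, findings

SAMPLE_RULES = [  # constructed sample: a narrower overlay rule first, then the required rule
    {"id": "overlay-internal", "sequence_number": 10, "source_groups": [ANY],
     "destination_groups": ["10.0.0.0/8"], "services": [ANY], "action": "ROUTE_TO_OVERLAY"},
    {"id": "tgw-underlay", "sequence_number": 20, "source_groups": [MANAGED_VMS],
     "destination_groups": [ANY], "services": [ANY], "action": REQUIRED_ACTION},
]
```

Running `check_forwarding_policy(SAMPLE_RULES)` returns compliant, with one finding describing why the first rule does not itself satisfy the requirement.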